I find this news disconcerting coming from such a large instance so early on. Many of the criticisms of Lemmy I’ve been fighting against on Reddit have had to do with defederation and the possibility of getting cut off from your favorite communities on your main account. I handwaved that away as being extremely unlikely save for the exception of NSFW or extreme political content. But this news has taken me quite by surprise. Perhaps I should have seen it coming given the community Beehaw is trying to foster.
This really makes me wonder what will happen to instances that make this decision. Will their communities diminish in favor of the more accessible ones? Will this decision hurt Beehaw in the long run? What does this mean for the Fediverse in the near future when fighting against its detractors has been such an uphill battle?
Thoughts?
We almost had decentralized logins with OpenID. I remember the push. It started seeing more widespread usage in the spaces I visited at the time, and even Google is/was an OpenID provider. Facebook and their “Login with Facebook” nonsense took things backwards when other vendors wanted to be a
data trackerlogin provider, also.With the ban evasion scenario you mentioned, having something like OpenID would give you an immutable ID number that can be used anywhere. Bans and blocks would go according to that ID, and evasion would require a new account. I think that would be a good middle ground for data privacy. It does make law enforcement’s job harder, though. Which does take us back to square one when it comes to removal of content, especially illegal content.
I am actually reaching the end of my knowledge on the subject in the following, so if anything after this is flat-out wrong with the technologies listed, I’d love some corrections.
If we go purely theoretical with existing tools, a blockchain would ideally assign those unique IDs. That’s a username and account creation date. GPG to sign each request (the second factor), and the entered password with the signature would decrypt an encrypted blob on IPFS with the requested information, similar to how Storj DCS stores data in encrypted buckets. Enter the wrong password, you get an empty bucket. Password recovery becomes an issue at that point, but one really should be using a password manager, passphrase, or hardware key these days, anyway.
Or use it as a feature and increase overall privacy by using a different password for each unique data blob shared with a service you’re authenticating with. It won’t matter, because your ID won’t change. For law enforcement, that does make things exponentially more difficult, maybe if you store the successful login attempts on the blockchain with the metadata that they claim to obtain from companies, it might work? There does have to be a balance between transparency and privacy.
A blockchain does seem like overkill for that, though. Having a unique Username might be good enough, since you don’t really want to have multiple users with the same display name anyway. Otherwise, things might start getting a bit confusing, especially if they’re both in the same instance.
Feels like a simple method would be a login provider that is related to the government. The gov have the best way to identify you and prove that you are who you are. That’s how you would get one unique ID that cannot be evaded by simply creating a new account.
Although, if you get banned from a community, there would be no way to get back in it because your gov id would be banned. Maybe the ban appeal could be more official instead of a letter to a random mod and hope you get an answer, hell, why not judiciarice the whole ban appeal thing so that you do have real recourse if you ever get banned for no good reason, a bit like when you get fired from a job.
Food for thought…